I'm not very confident @ NOD32...

I uninstalled Norton Internet Security 2007 yesterday and installed NOD32.

While surfing last night NOD32 prevented several attacks...

~Snip~/install/YazzleBundle-1549.exe
Win32/TrojanDownloader.PurityScan.EG trojan
~snip~/install/is67389.exe
probably a variant of Win32/TrojanDownloader.ConHook trojan
~Snip~install/wr-1-0000077.exe
Win32/TrojanDownloader.Agent.NOJ trojan
~Snip~nstall/wr-1-0000077.exe
Win32/TrojanDownloader.Agent.NOJ trojan
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
Win32/Adware.WinFixer application
C:\...LOCALS~1\Temp\poolsv.exe.
C:\...Local Settings\Temporary Internet Files\Content.IE5\LK9I6F0S\WinAntiSpyware2007FreeInstall[1].exe
Win32/Adware.WinFixer application
C:\...LOCALS~1\Temp\poolsv.exe.
~snip~iles/installers/WinAntiSpyware2007FreeInstall.exe
Win32/Adware.WinFixer application

That was great. I would have been hosed.

To be safe, I checked my Windows directory to see if anything looked abnormal.
I saw the following:

C:\Program Files\poolsv\svhost.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\svhost.exe

Those aren’t good files to have.

I right clicked on svhost.exe and did a scan w/ EOD32.
It gave the following:
Scan performed at: 6/14/2007 23:22:37 PM
Date: 14.6.2007 Time: 23:22:48
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\WINDOWS\svhost.exe
Number of scanned files: 1
Number of threats found: 0
Time of completion: 23:22:49 Total scanning time: 1 sec (00:00:01)

I did a search for svhost.exe. One of the pages that came up was Norton listing file info and how to get rid of it.

Why were those file installed? Why did EOD32 not find that file as a threat?

I feel like I might be safer going back to Norton.

Also, Why does EOD32 stop scanning & present a prompt on what to do to a file? It should keep scanning even though a prompt has been presented.

Rastus

 

Re: I'm not very confident @ EOD32...

Hi Rastus, welcome to Wilders.

Hi there, could you please check your settings against those found in the following NOD32 Tutorial: https://www.wilderssecurity.com/showthread.php?t=37509

AFTER this run a scan by following these steps:

1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computers screen).
2. Click on NOD32.
3. Click on Run NOD32.
4. Click on “Scan and Clean”.
5. Reboot your Computer into “Safe Mode”.
6. Click on Start> All Programs> ESET> NOD32
7. Click on “Scan and Clean”.
8. Check the scan results.

Let us know how you go...

Cheers

 

Re: I'm not very confident @ EOD32...

The malware was detected.

It's possible that the files;

C:\Program Files\poolsv\svhost.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\svhost.exe

were cleaned by NOD32 (check all information in viruslog) or those files were there before...?

A search for the files isn't enough to say those files are malicous.
No AV can determine a file by a filename only, you may check the files on www.virustotal.com (do not post the results here).

Take a look at BlackSpears settings for NOD32. You will see that it's easy to make decisions about NOD32's actions before any malware is even detected.

No more pop-ups about what to do when malware is found.

 

Re: I'm not very confident @ EOD32...

Please send any suspicious files not picked by by NOD32 in an archive (RAR/ZIP) protected with the password "infected" to support[at]eset.com with this thread's url in the subject and enclose a log from Autoruns as well.

 

Re: I'm not very confident @ EOD32...

Thank you for your replies.

I’m currently going through BlackSpears tutorial. I have a questions regarding post #35. “Quarantine ONLY makes a secure copy of the Virus or Trojan found so it can be sent to Eset for further analysis, it does NOT isolate the Virus or Trojan.”

If I put a tick mark on Clean and a tick mark on Copy to Quarantine. Then I put a tick mark on Delete and on Copy to Quarantine I will have a backup of the infected file by way of it being quarantined. Is this correct? I hope I’m making sense.

Marcos:

I have removed the files from my computer. I might still have a HijackThis log. Let me know if you want search for it.

Thanks,
Rastus

 

Re: I'm not very confident @ EOD32...

Yes, ESET use the Quarantine function as a safety method of backing up a file in case of it being a False Positive, even though the possibility of such a false detection is very remote. This secure method of backing up before deletion is a good thing to do.

Cheers

 

Re: I'm not very confident @ EOD32...

BlackSpear-

Thank you.
And, thank you for your dedication to this forum.

I think I'm going to move on to another program.
It might be that NOD32 is for people wanting to be more involved in the tweaking of the application and hunting for threats than I am. Choices and information are powerful but if the GUI doesn’t give a logical way to utilize the choices and information the program is probably not for me. I don’t think the NOD32’s GUI is very intuitive.
I don't like performing a five hour scan to receive a 2380 line report listing files that were unable to be accessed. If the files are locked let me know when I try to execute one. Not every time I run a scan which results in a huge convoluted report. Most likely there’s a choice to turn off the reporting of locked files. I don’t want to spend a lot of time figuring it out.
On this report 13 lines indicated problems. I went to the C:\Program Files\ESET\infected folder only to find the files are labeled in some cryptic form. Only one file was most likely infected. It was a RAR file of an archived program. The other program that was flagged was a program I used to remove previous spyware found on my computer, Smitfraudfix http://www.bleepingcomputer.com/files/smitfraudfix.php. I had copied it to various drives so it was flagged multiple times.

Thanks for letting me try the software ESET.

Rastus

P.S. I now realize I was calling the software EOD32. If I’m going to write in a forum I should at least state the correct name of the software. I apologize.

 

Re: I'm not very confident @ EOD32...

Rastus , before signing off , please have a look at ESET's next generation product ESET Smart Security . Lots of things you don't like in the current NOD32 v2 (and things you talk about) are not present there .

Uninstall NOD32 , reboot , delete the folder C:\Program files\ESET . Uninstall any 3rd party firewall you might be using . Then download and install from www.eset.com/beta or directly from http://download1.eset.com/special/essbeta1a/ess_nt32_enu.msi

ESS forum
https://www.wilderssecurity.com/forumdisplay.php?f=18

Enjoy !

 

Re: I'm not very confident @ EOD32...

Default settings provide full protection against threats, Blackspear's settings are just a sort of icing on the cake. All you need to do is run the installer, enter your username and password and click Next until the installation is completed. No additional tweaking is necessary, I'm sorry if these extra settings let you down and discouraged you from using NOD32.

 

Re: I'm not very confident @ EOD32...

You are welcome, and it is a pleasure.

That's a pity, out of the box NOD32 is fine, however it will prompt you for choices when an infection is found, at which point panic can set in, though if during the calm you set up all your choices nothing will be there to prompt and panic you should a storm hit

Locked files are system swap files locked by Windows, whereas other antivirus programs do not show these files, NOD32 makes the choice not to hide any such file.

We have asked that these files can have the choice of being hidden, however this may or may not be implemented in version 3.0 final release (currently going through Beta testing).

This is correct, files are copied to Quarantine and encrypted for protection.

This too is correct, it is flagged as a "Potentially unwanted and unsafe application".

Once NOD32 is set up as per the Tutorial it really is a set and forget program, it simply sits in the background doing its job silently. I would encourage you to stick with it until the end of the trial at least and see how it goes...

Cheers

 

Try VundoFix

http://www.atribune.org/content/view/24/2/

 

Yikes! In a typical week, I encounter zero malware. Consider changing your surfing habits. Anti-virus software is very much like a condom. Most of the time it protects you, but if you continuously engage in risky activities, sooner or later you're gonna catch something.

Without any tweaking, NOD-32 runs silently unless it spots a virus or other malware. It offers more protection than Norton and runs lightning fast. I encourage you to stick with it another week, but to each their own.

 

Ditto. A while back I was concerning myself too much with Comparatives results, and failed to take into consideration that i have only ever had one virus. ever. in the history of me and the internet. NOD is by no means perfect, but if you are careful, it will serve you better than any other AV on the market today. Stick with it, but then again, dont think that you will offend everyone because it wasnt for you. Each to their own, and good luck finding the right product for you.

 

For some reason having a security program providing details about it's activity seems to disturb some people. The NOD32 scanning information including the information that some files could not be opened annoys some users. The difference between NOD32 and the other programs is that NOD32 tells the user exactly what it is doing while most other AV programs by default do not tell you all of the information such as when they can't scan locked files. The number of NOD32 options also makes some people feel NOD32 is complicated or that it requires allot of constant hands on tweaking but most long term users of the program know that a continuous tweaking of the program options is not necessary. Unlike most other AV programs the advanced NOD32 configuration options are available to users familiar with the program so they can customize NOD32 however they want.

In the past I used Norton, McAfee, CA AV, and many other AVs. Contrary to the perception of some users that NOD32 is more difficult to use I have actually found NOD32 to be by far one of the most trouble free, maintenance free and easy to update AV software programs. Once the optional Blackspear's settings are done you simply let it do its job. I used to waste so much time with NAV and McAfee and other AVs updating, rebooting, re-configuring for compatibility with other programs, un-installing, re-installing, etc.. I would always worry that the next AV update wouldn't work correctly or wonder what serious bugs, system slow down issues and compatibility problems would need to be dealt with in the next year's version.

For more than a year I have had NOD32 installed on more than eight systems that I manage. Except for the initial time I spent to set them up with the optional settings and after having to enter the license key a few extra times on some of the machines I have had ZERO problems and all of those machines have been free of viruses. NOD32 is one of the most trouble free AVs I have ever used. I am sure the newer NOD32 v3 or ESS will include an easier setup and more simple looking default interface for new users but I actually like the current interface with all its options and detailed information. It will be interesting to see how the new ESS or v3 user interface changes the perceptions of new NOD32 users compared to the previous versions of NOD32.

 

Re: I'm not very confident @ EOD32...

Why not make the Blackspear's settings the default. They are set and forget. People who want more active involvement would still be free to tweak as desired.

A better approach would be to scan the maximum number of files. This occurs with a scheduled scan (run as "SYSTEM"). The on demand scanner, run on demand does a much worse job https://www.wilderssecurity.com/showthread.php?t=174634

 

Indeed...